I was reading the Jenkins documentation and saw the following example:
pipeline {
agent any
environment {
EXAMPLE_CREDS = credentials('example-credentials-id')
}
stages {
stage('Example') {
steps {
/* CORRECT */
sh('curl -u $EXAMPLE_CREDS_USR:$EXAMPLE_CREDS_PSW https://example.com/')
}
}
}
}
In this same example we have the following phrase:
“Should Groovy perform the interpolation, the sensitive value will be injected directly into the arguments of the sh step, which among other issues, means that the literal value will be visible as an argument to the sh process on the agent in OS process listings. Using single-quotes instead of double-quotes when referencing these sensitive environment variables prevents this type of leaking.“
So this leads me to ask: How jenkins can execute the curl command without “resolving” the values for $EXAMPLE_CREDS_USR and $EXAMPLE_CREDS_PSW? Because these values aren’t be expanded using single quotes, right?